0

I am sending customer information from the webplatform Second Life via a weblink and php to an SQL server. My SQL server is hosted by the biggest web hosting company in Europe, so I wouldn't expect an error from their end.

I have written a very simple PHP script that translates the information for the database, something that I have done many times successfully. This time a very unexpected error occured: When I test the URL including the variables, then I get following message: The requested URL / was not found on this server ...

THis is the PHP code:

<?php

//You need to insert your specific data for "DB_HOSTNAME","DB_USERNAME","DB_PASSWORD","DB_DATABASE"

$con=mysqli_connect("DB_HOSTNAME","DB_USERNAME","DB_PASSWORD","DB_DATABASE");
// Check connection
if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

//use the parameters in the http-link to set the $ variables and real escape them for security reasons 

$key = mysqli_real_escape_string($con, $_GET['key']); 
$name = mysqli_real_escape_string($con, $_GET['name']); 
$pass = mysqli_real_escape_string($con, $_GET['pass']); 
$mailinglist = "1"; 

//Insert the $ variables into the table 
$sql="INSERT INTO SAGS_Global_Players (key, name, pass, mailinglist) VALUES ('$key', '$name', '$pass', '$mailinglist')"; 

//for debugging: print out the db query on the screen
//echo $sql . '<br/>'; 

if (!mysqli_query($con,$sql)) { die('Error: ' . mysqli_error($con)); } 


//close connection to database
mysqli_close($con); ?>

The web address "http://webaddress/8ftgde/newplayer.php&key=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX&name=estelle.pie&pass=6fcrV1vZUC&mailinglist=1"

gives the result:

Not Found

The requested URL http://webaddress/8ftgde/newplayer.php&key=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX&name=estelle.pie&pass=GpTIVOavhc was not found on this server.

If I use the same address without the variables (= http://webaddress/8ftgde/newplayer.php), then a new database entry is created. But (of course) only the auto incremented customer number and the constant variable "1" for mailinglist are entered.

Help anyone?

Jay Blanchard
  • 34,243
  • 16
  • 77
  • 119
Pienaar
  • 25
  • 4
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) You should learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) [statements](http://php.net/manual/en/pdo.prepared-statements.php). – Jay Blanchard Sep 02 '15 at 17:53
  • add '?' into the url. Instead of "..../newplayer.php&key=..." use ".../newplayer.php?key=...". Make sure to keep the rest of your '&' symbols in the url. – Scott Sep 02 '15 at 17:56
  • "Second Life" is _still_ not dead? Wow. – arkascha Sep 02 '15 at 17:56
  • @ Scott: OMG, the question mark...! I am so emberassed. Thank you! I need new glasses. – Pienaar Sep 02 '15 at 18:02
  • @ Arkascha: SL still has 700.000 unique users each month and creative individuals had an income of $60 million total last year by selling their virtual products to other customers. Not bad, is it? – Pienaar Sep 02 '15 at 18:05

2 Answers2

0

Please check your .htaccess file if there any change made this error

Mohammed Elhag
  • 4,272
  • 1
  • 10
  • 18
-1

I am putting Scott's comment up as answer. If you want to do it yourself Scott, then I will mark it with best answer. I did the most stupid mistake possible: I forgot to put a question mark before my variables in the link. Shame on me!

Pienaar
  • 25
  • 4